Many consumers use a variety of payment devices when purchasing services and goods. Example payment devices include credit cards, debit cards, and devices configured to operate as a payment device such as a mobile phone. A payment device may be “compromised” when information associated with the payment device is no longer secure. Examples of information that a card holder maintains as secure include an account number, expiration date, card verification value (CVV), billing address, personal identification number (PIN), password, personal information (e.g., mother's maiden name, place of birth), etc. The payment device may be compromised when the card holder's wallet or purse is lost or stolen, when conducting an unsecured on-line purchase transaction, when account information has been accessed without authorization, or due to any other breach in security that exposes account data to unauthorized users.
Compromised payment devices increase the likelihood of consumers becoming victims of identity theft. In order to prevent being a victim of financial identity theft, a card holder notifies the institutions associated with the payment devices of the compromised accounts. As a result, the card holder's accounts may be frozen, cancelled or otherwise flagged that the accounts may be exposed to fraudulent activity.
In the event that one credit card is compromised, there is a strong likelihood that the card holder's other payment devices may also be compromised. In other words, if personal information for one card is stolen, the stolen information may be used to access other accounts because the stolen information may be commonly shared among the different cards (e.g., same PIN or mother's maiden name). Thus, the card holder would be required to notify the issuer of each payment device independently that the payment devices have been compromised.
In some cases, a card holder may be unaware that his credit card has been compromised until notified by a bank that detected suspicious account activity or was otherwise made aware of potentially compromised accounts. For example, a credit card was used at a specific merchant and the account information was accessed without authorization at the merchant. Since there is a likelihood that a card holder may have used more than one account at the same merchant, it is also likely that the other accounts may also be compromised. Thus, the merchant may notify the card holder of the potentially compromised accounts. The card holder would then be required to notify the issuers of each potentially compromised account to cancel or otherwise restrict access to the accounts. This process may be time consuming due to the number of credit cards that were compromised, whether the contact information for each issuer is available, whether the card holder has access to a phone or computer to notify the issuers, etc.
A card holder may register with an identity theft protection organization (e.g., LifeLock™) to protect accounts from being compromised. Generally, a card holder registers a variety of different accounts with the organization. When the card holder learns that one of the accounts may have been compromised, the card holder informs the organization of the potentially compromised account. The identity theft protection organization then notifies issuers of the card holder's other registered accounts of the potentially compromised accounts such that the issuers are informed that an identity theft may occur. This process requires that the card holder register each account for which protection is sought. However, other accounts may be compromised for which the card holder neglected to register with the identity theft protection organization. Therefore, these unregistered accounts would not be protected against identity theft.
What is desired is a method for restricting access to compromised payment devices, where such method overcomes the noted disadvantages of existing approaches.